Thank you so much Chris and Mark! Sincerely appreciate the inputs.

Sent from my iPhone

> On Apr 11, 2018, at 8:16 AM, Christopher Schultz 
> <> wrote:
> Mark and Amit,
>> On 4/10/18 2:21 AM, Mark Thomas wrote:
>>> On 9 April 2018 23:29:43 BST, Amit Pande <> wrote:
>>> Some more debugging here and I got some stuff working here.
>>> Only one question:
>>> It is not really clear from the documentation of "clientAuth"
>>> "Set to true if you want the SSL stack to require a valid certificate
>>> chain from the client before accepting a connection. Set to want if you
>>> want the SSL stack to request a client Certificate, but not fail if one
>>> isn't presented. A false value (which is the default) will not require
>>> a certificate chain unless the client requests a resource protected by
>>> a security constraint that uses CLIENT-CERT authentication. See the SSL
>>> HowTo for an example. That SSL HowTo also contains tips on using
>>> per-user or per-session certificate-based clientAuth."
>>> So, if I am using a clientAuth="false" and relying on "CLIENT-CERT"
>>> configuration, does that mean browsers won't prompt users to supply the
>>> certificate when a protected resource is accessed?
>> In that scenario the browser will prompt the user for a certificate if 
>> everything is correctly configured.
>> However, it is possible that the browser will determine that it has no 
>> matching certificates and therefore decide not to display the certificate 
>> prompt.
> Also, sometimes browsers will "remember" your choice from a prior
> interaction during the same browser session. So for example if you have
> clientAuth="want" and you press "No/Cancel/[escape]/[close window]" the
> browser may "remember" that you don't want to present a certificate.
> -chris
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to